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REMARKS 

Claims 1-34 were presented for examination and all claims were rejected. In the current 
amendment, claims 1-10, 16-20 and 22-26 have been amended. No new matter has been 
introduced. Upon entry of the current amendment, claims 1-34 will be pending, of which claims 
1 and 26 are independent. Applicants submit that claims 1-34 are patentable and in condition for 
allowance. 

The following comments address all stated grounds of rejection. Applicants respectfully 
traverse all rejections and urge the Examiner to pass the claims to allowance in view of the 
remarks set forth below. 

CLAIM REJECTIONS UNDER 35 U.S.C. $112 

I. Claims 1-34 Rejected Under 35 U.S.C. $112, First Paragraph 

Claims 1-34 were rejected under 35 U.S.C. §112, first paragraph, as failing to comply 
with the written description requirement. Specifically, the Examiner contended that the 
limitation "responsive to the application isolation layer and the user isolation layer forming the 
isolation environment in which the process executes" was not adequately described in the 
specification. It is unclear as to which part of the phrase the Examiner is referring to: that a rule 
is selected responsive to the application isolation layer and user isolation layer, or that an 
isolation environment comprises an application isolation layer and a user isolation layer. 
Nonetheless, Applicants traverse this rejection. For the former part of the phrase, Applicants 
respectfully direct the Examiner to paragraphs 83 and 97-101 of the present disclosure, which 
describes selection of an applicable rule and the rule associated with an isolation scope provided 
by an isolation layer. For the latter part of the phrase, Applicants respectfully direct the 
Examiner to paragraphs 61-68 of the present disclosure, which describe an isolation environment 
as comprising an application isolation layer and a user isolation layer. Applicants contend that 
both of these phrases are adequately described in the specification such that one skilled in the art 
would reasonably understand that Applicants had possession of the claimed invention. 
Accordingly, Applicants respectfully request the Examiner to withdraw the rejection of claims 1- 
34 under 35 U.S.C. §1 12, first paragraph. 
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II. Claims 1-34 Rejected Under 35 U.S.C. §1 12. Second Paragraph 

Claims 1-34 were rejected under 35 U.S.C. §1 12, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which Applicants 
regard as the invention. 

A. Antecedent Basis 

Applicants hereby amend claims 1 and 26 and respectfully submit that the rejections in 
section 8(a) of the Office Action are overcome by these amendments. Furthermore, the 
Examiner objected to the term "the group" as lacking antecedent basis in claim 5. Applicants 
assume that the Examiner is referring to either claim 2 or claim 6, as this term does not appear in 
claim 5. Nonetheless, Applicants respectfully direct the Examiner to the Manual of Patent 
Examining Procedure ("MPEP") §2 173. 05(h), which explains Markush groups, which recite 
members as being "selected from the group consisting of A, B and C." (MPEP §2173.05(h), 
citing to Ex parte Markush , 1925 CD. 126 (Comm'r Pat. 1925). "The group" is defined in each 
of claims 2 and 6 as consisting of the listed elements. Thus, Applicants submit that these 
limitations are properly claimed as a Markush group, and do not lack antecedent basis. 

B. Indefinitcncss 

Applicants hereby amend claims 1-10, 16-20 and 22-26 and respectfully submit that the 
rejections in section 8(b)(i-iii) of the Office Action are overcome by these amendments. 
Furthermore, the Examiner contended that it was not clearly understood what was meant by 
"forming a literal name. . . in response to the [selected] rule" in claims 1 and 26. Applicants 
respectfully direct the Examiner to Figure 12 and accompanying paragraphs 275-285 of the 
present disclosure, which describe forming a literal name for a requested system object in 
response to a selected rule. 

The Examiner further rejected claims 27-32 in section 8(b)(v-vi) of the Office Action, 
claiming that it was unclear if the limitations "a request" and "a system object" were the same as 
those of claim 26, lines 3 and 4. Claim 26 recites "computer-readable program means for 
receiving a request to access a system object". This recited means performs functions, as recited 
in claims 27-32. Accordingly, the limitations of claims 27-32 are functional limitations, while 
the limitations of claim 26 are structural limitations. Thus, it would be clear to one skilled in the 
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art that the functional limitations "a request" and "a system object" of claims 27-32 are distinct 
from the structural limitations recited in claim 26. 

For at least the above discussed reasons, Applicants submit that claims 1-34, as amended, 
comply with the requirements of 35 U.S.C. § 1 12, second paragraph. Accordingly, Applicants 
respectfully request that the Examiner withdraw the rejection of claims 1-34 under 35 U.S.C. 
§ 1 12, second paragraph. 

CLAIM REJECTIONS UNDER 35 U.S.C. $101 

III. Claims 26-34 Rejected Under 35 U.S.C. $101 

Claims 26-34 were rejected under 35 U.S.C. §101 as directed towards non-statutory 
subject matter. Claims 26 is an independent claim. Claims 27-34 depend on and incorporate all 
of the patentable subject matter of independent claim 26. Applicants traverse this rejection and 
submit that claims 26-34 are directed to statutory subject matter. 

Under the "machine-or-transformation" test of In Re Bilski . claimed subject matter is 
patentable under 35 U.S.C. § 101 if "(1) it is tied to a particular machine or apparatus, or (2) it 
transforms a particular article into a different state or thing." 545 F.3d 943, 954 (CAFC, 2008). 
Claim 26 recites an apparatus comprising computer-readable program means for receiving a 
request; computer-readable program means for forming a literal name; and computer-readable 
program means for requesting access. These means-plus-function limitations include 
corresponding structure defined in the specification. Such an apparatus having these means is a 
particular machine and is thus statutory subject matter (see MPEP 2106.01, citing to In Re 
Warmerdam 33 F.3d 1354, 1360-1361 (Fed. Cir. 1994)). 

For at least the above discussed reasons, Applicants submit that the subject matter of 
claim 26 and dependent claims 27-34 are directed to statutory subject matter. Accordingly, 
Applicants request the Examiner to reconsider and withdraw the rejection of claims 26-34 under 
35 U.S.C. §101. 
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CLAIM REJECTIONS UNDER 35 U.S.C. $102 

IV. Claim 26 Rejected under 35 USC $102 

Claim 26 was rejected under 35 U.S.C. § 102(e) as anticipated by U.S. Patent No. 
7,203,941 to Demsey et al. ("Demsey"). Claim 26 is an independent claim, amended herein. 
Applicants traverse this rejection and submit that Demsey fails to disclose each and every 
element of claim 26, as amended. 

A. Claim 26 Not Anticipated by Demsey 

A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference. Claim 26 is directed 
towards an apparatus comprising means for virtualizing access to system objects. This claim 
recites: 

(i) a process executing in a context of an isolation environment, the 
isolation environment comprising an application isolation layer and a user 
isolation layer ; 

(ii) the process requesting access to a system object, the request including 
a virtual name for the system object; and 

(iii) means for forming a literal name for the system object. 

Demsey fails to teach or suggest (i) a process executing in the context of an isolation 
environment which comprises an application isolation layer and a user isolation layer . The 
Examiner cites Demsey's applications 102 as a user isolation layer. While Demsey's 
applications 102 run in "user code", this is not a user isolation layer, as Demsey only has a single 
user. Demsey's distinction is between system code and user code, the latter being .exe files 
"executed by the user of the computer environment to run the application, and therefore 
[causing] the application perform as desired by the user ." (see Demsey, col. 10, lines 45-48, 
emphasis added). In fact, Demsey is silent regarding multiple users or isolation of one user from 
another. Thus, Demsey is also silent regarding a user isolation layer that provides a user 
isolation scope, or a user-specific view of system resources (see specification, para. 61). 

Demsey also fails to teach or suggest (ii) the process requesting access to a system object, 
in which the request includes a virtual name for the system object. Demsey merely describes a 
tracking system for system resource handles for the purpose of reallocating resources to 
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applications and performing garbage collection routines. The Examiner notes that Demsey 
describes an application executing in a virtual machine requesting access to a native resource 
(see Demsey, col. 7, lines 17-25). However, Demsey is silent regarding the request including a 
virtual name for the system object. In fact, Demsey's applications request access directly to 
system objects. All of Demsey's applications can see the native resources directly; thus, Demsey 
does not use a virtual name for the system object in a request. 

Finally, Demsey fails to teach or suggest (iii) forming a literal name for the system object. 
As discussed above, Demsey's applications request access directly to system objects. 
Accordingly, Demsey does not need to form a literal name for the object, because Demsey does 
not need to translate a virtual name for the object. Furthermore, as discussed above, Demsey is 
silent regarding isolating applications and users from each other. Even assuming for the sake of 
argument that Demsey's managed code is an application isolation layer and user code is a user 
isolation layer, all applications would share the same isolation layers. Thus, if Demsey were to 
form a literal name for a requested object, responsive to the application isolation layer and the 
user isolation layer forming the isolation environment in which the requesting application 
executes, the literal name formed would be the same, regardless of the requesting application. 
Thus, Demsey's applications and users would still not be isolated from each other, as all 
applications would access the same object, regardless of application or user. 

For at least the above discussed reasons, Demsey fails to disclose each and every element 
of claim 26. Therefore, Applicants submit that claim 26 is patentable and in condition for 
allowance. Accordingly, Applicants respectfully request the Examiner to withdraw the rejection 
of claim 26 under 35 U.S.C. §102. 

CLAIM REJECTIONS UNDER 35 U.S.C. $103 

V. Claims 1-25, 27-34 Rejected under 35 USC $ 103(a) 

Claims 1-25 and 27-34 were rejected as unpatentable over Demsey in view of U.S. Patent 
Application Publication No. 2003/0233544 to Erlingsson ("Erlingsson"). Claims 2-25 depend on 
and incorporate all of the patentable subject matter of independent claim 1 . Claims 27-34 
depend on and incorporate all of the patentable subject matter of independent claim 26. 
Applicants traverse these rejections and submit that Demsey and Erlingsson, alone or in 
combination, fail to teach or suggest each and every feature of the claimed invention. 
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A. Independent Claim 1 Patentable over Demsey in view of Erlingsson 

To establish prima facie obviousness of a claimed invention, all the claim limitations 
must be taught or suggested by the prior art. Claim 1 is directed towards a method for 
virtualizing access to system objects for processes executing in the context of an isolation 
environment, the isolation environment comprising an application isolation layer and a user 
isolation layer. The process requests access to a system object, and the request includes a virtual 
name for the system object. A rule is selected, responsive to the application isolation layer and 
the user isolation layer forming the isolation environment. Based on the selected rule, a literal 
name for the system object is formed and the request for access is issued to the operating system, 
now with the literal name instead of the virtual name for the system object. Demsey and 
Erlingsson, alone or in combination, fail to teach or suggest each and every element of the 
claimed invention. 

As discussed above, Demsey fails to teach or suggest: 

(i) a process executing in a context of an isolation environment, the 
isolation environment comprising an application isolation layer and a user 
isolation layer ; 

(ii) the process requesting access to a system object, the request including 
a virtual name for the system object; and 

(iii) forming a literal name for the system object. 

Erlingsson also fails to teach or suggest these elements. Furthermore, although the 
Examiner cites Erlingsson for describing "selecting a rule associated with a request," Erlingsson 
does not teach or suggest the selection being "responsive to the application isolation layer and 
the user isolation layer forming the isolation environment in which the process executes." 
Rather, Erlingsson creates derived user accounts (DUAs), which are user accounts associated 
with an original user account (OUA). Erlingsson's derivation rules are "a set of rules that link 
any aspect of a DUA with the corresponding aspect of its OUA." (Erlingsson, col. 6, lines 46- 
47). Erlingsson shows an exemplary set of derivation rules ("DUA Table", Erlingsson, col. 7). 
These rules are specific to a DUA and show how a request for a resource is redirected to a 
different resource, depending on the derivation rules. Thus, rather than a rule being selected 
responsive to the application isolation layer and the user isolation layer forming the isolation 
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environment in which the process executes, Erlingsson's derivation rule is merely selected 
responsive to the user account of the process. 

Furthermore, Erlingsson fails to teach or suggest (i) a process executing in a context of an 
isolation environment, comprising an application isolation layer and a user isolation layer. 
Although Erlingsson describes a multi-user system (derived user accounts are legitimate user 
accounts, distinct from the original user accounts), there is no user isolation layer. Rather than 
seeing a user isolation scope, or a user-specific view of native resources provided by a user 
isolation layer, Erlingssons user accounts all see the same resources, with access controlled 
merely by access privileges, permissions, and rights granted to each user (Id., col. 4, lines 19-25). 
Thus, all user accounts can see the same resources. 

Erlingsson also fails to teach or suggest (ii) a process requesting access to a system object, 
the request including a virtual name for the object or (iii) forming a literal name for the object. 
In Erlingsson, applications request access to a resource directly by a literal name. Depending on 
transformation rules, Erlinggson may transform the request to request access to a different 
resource via a different literal name (Id., col. 7, lines 41-59). However, this is not the same as 
the request including a virtual name for an object, and forming a literal name for the object in 
response to a rule determined based on the application isolation layer and user isolation layer in 
which the requesting process executes. Thus, Erlingsson also fails to teach or suggest these 
elements of the claimed invention. 

Because Demsey and Erlingsson, alone or in combination, fail to teach or suggest each 
and every element of the claimed invention, Applicants submit that independent claim 1 is 
patentable and in condition for allowance. Therefore, Applicants request the Examiner to 
withdraw the rejection of claim 1 under 35 U.S.C. §103. 

B. Dependent Claims 2-25 and 27-34 Patentable over Demsey and Erlinggson 

In view of the arguments above in connection with the rejection of independent claims 1 
and 26, Applicants submit that independent claims 1 and 26 are patentable and in condition for 
allowance. Claims 2-25 depend on and incorporate all of the patentable subject matter of 
independent claim 1. Claims 27-34 depend on and incorporate all of the patentable subject 
matter of independent claim 26. Thus, Applicants submit that claims 2-25 and 27-34 are also 
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patentable and in condition for allowance. Therefore, Applicants respectfully request the 
Examiner to withdraw the rejection of claims 2-25 and 27-34 under 35 U.S.C. §103. 

CONCLUSION 

In light of the aforementioned amendments and arguments, Applicants contend that each 
of the Examiner's rejections has been adequately addressed and all of the pending claims are in 
condition for allowance. Accordingly, Applicants respectfully request reconsideration, 
withdrawal of all grounds of rejection, and allowance of all of the pending claims. 

Should the Examiner feel that a telephone conference with Applicants' attorney would 
expedite prosecution of this application, the Examiner is urged to contact the Applicants' 
attorney at the telephone number identified below. 



Respectfully submitted, 

CHOATE, HALL & STEWART, LLP 

Dated: September 2 1 . 2009 /Daniel E. Rose/ 

Daniel E. Rose 
Reg. No. 63,214 



Choate, Hall & Stewart, LLP 
Two International Place 
Boston, MA 021 10 
(617) 248-5000 
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